I fancy the idea of femtocells, to take the wirless traffic down into “earth” as fast as possible, but is this femtocell effoert just too late?

I have a NEC G3 femtocell to test out. It can do 3G with speeds up to 14Mbit, and have 4 or 8 (license issue…) concurrent calls. The range is approx 25 metres indoor, 150+ metres outdoor it states in the manual.
The price is estimated to approx 200 USD for the devices at the moment.

But how can this match a WiFi access point capable of 300Mbit already and costing a fifth of it.

It is still sensible since these address to different service markets at the moment, but this services will be Internet based and then who cares if you use 3G/4G/5G or your WiFi. It should only give you Internet access to all your over the top services. And the mobile operator will be just another access provider….

And then a new era has arrived, the time of the machines. No, they will not take over the world today, but start helping you out more and more with your life. All those little things..

From the robot vaccum cleaner (i’ve had one for 5 years already) to the built in intelligence in the microwave, more and more technology around you will get connected. Just like Web 2.0 brought the social web to the Internet for human beings, M2M (machine to machine) communication will get a lot of your technology gadgets to talk to each other, cooperate and give you an even better service.

Even if you use an encrypted VoIP connection, the content of your call can be picked up by analyzing the timing and size of the encrypted traffic. You must use a Variable Bit Rate (VBR) codec, which just compresses the speech which is said. If you would use encryption on G711 with no Voice Activation Detection (VAD) enabled (just a continous stream of data), this phrase recognition would not be possible.

This shows that it you need to see the “whole” picture when securing your communication.

This time it was h.323 on a Cisco CallManager which was exploited in some ways. My personal guess is just bad configuration, but maybe there also is a bug in it as well.From a mailing list:

A company we work closely with, but is not our customer, had their Cisco Call Manager hacked due to some h.323 vulnerability that I don’t have full details on yet. There were a number of calls placed to:

881835211540 881835211556 881835211547

My findings indicate these are Globalstar satellite numbers that cost somewhere between $4 and $7/minute to call, depending on carrier. The victim’s carrier is billing them at $6.50. The total bill for the event is around $13k. This is a small company that can’t really afford this.

If I had a small company and connected to a carrier, I would demand credit limits. It is the same as I would not have a 1 million credit limit on my credit cards. Check with your VoIP carrier that he has effective credit limits!

Recently we have been hit by the attackers during the weekend causing more
than 100 K USD bill
They were dialing payphone type numbers” dial to win” by compromsing one of
our DID number.
Mostly calls were placed to Lithuania, and sierraleone.
But guys buckle up, there are some gangs using sophisticated mechanisms to
get into IP PBX systems
Remove all NAT with local IPs, block SIP ports and h.323 ports, if u r using
cisco upgrade to v15.12T.
add trusted gateway list.

One way to document and block hackers, is to implement a VoIP Abuse list.
Have a look at VoIP Abuse Blacklist implentation.

32 people was apprehended in Romania, but the VoIP hacking continues from this country. Low wages, highly educated people and not too many jobs often forces people to start hacking, combined with low risk of being caught.

This was from IP 188.24.194.155 caught in a SIP honeypot belonging to Honeynet Project.